-----Original Message-----
From: MH Michael Hammer (5304) [mailto:MHammer(_at_)ag(_dot_)com]
Sent: Monday, September 13, 2010 12:27 PM
To: Murray S. Kucherawy; McDowell, Brett
Cc: dkim-ops(_at_)mipassoc(_dot_)org
Subject: RE: [dkim-ops] BCP for authorizing third-parties ([...] was
subdomain vs. cousin domain)
Actually not quite true Murray.
If I am signing for americangreetings.com and I delegate
email.americangreetings.com to ExactTarget (a real example) and they
are
generating their own keys for email. and signing, that is a first party
signature as far as the verifier is concerned (not 3rd party).
It also doesn't integrate email. into the base domain of
americangreetings.com from a verifier perspective.
But I, as a verifier, can't tell that email.americangreetings.com is actually a
third party. It's just another domain to me.
Things like TPA or DSAP attempt to make the delegation of authority visible,
but the ones that use DNS mechanisms like CNAME and NS don't do so.
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops